Have You Planned Your Ransomware Response?
written by DARREN COLEMAN posted on September 15, 2021
What Is Your Ransomware Response?
It feels like no more than a few days go by without another ransomware story in the news. What used to be just one threat present in the cybercrime landscape has now become the most clear and present danger to modern businesses.
Don’t assume we’re exaggerating this for effect — experts estimate that a ransomware attack will occur every 11 seconds in 2021. That’s why you need to take action and defend yourself.
What Would Happen If You Were Infected With Ransomware Right Now?
Do you have a plan? Are your system endpoints protected? Are your backups recent, tested, and viable?
It’s a mistake to assume that just because you haven’t been hit by ransomware yet, you won’t be anytime soon. You may think you can put off investing in effective cybersecurity support, but you may get hit without warning.
The Threat Of Ransomware Is Evolving
Just a few years ago, ransomware wasn’t as big of a concern. While high-profile incidents like the WannaCry attack on the NHS were concerning, they were few and far between. If you had a recent backup of your data in place, you could rely on that to replace your data in the event it was encrypted by ransomware.
Since then, however, the way cybercriminals use ransomware has evolved. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money. Characteristics of modern ransomware attacks include:
- Expanded Timelines: Sophisticated attackers sneak ransomware into a breached network and then lie dormant for weeks or months, ensuring their method of entry isn’t discovered right away. This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems. Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go to find a clean backup to restore from. Or, even worse, it will be so far back that they’ve already expunged those backups to make room for more recent versions.
- Improved Capabilities: Modern forms of ransomware can even target and infect backup hard drives and cloud-based data if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.
Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility.
All of this is to say that you can’t assume you won’t be infected at some point. No matter how strong your defensive capabilities are, ransomware may still get through. That’s why you need to plan out how to respond to an attack.
How Should You Respond To A Ransomware Attack?
- Disconnect: If a business suspects its networks are at immediate risk, the first step is to disconnect the computer from the company’s network to inhibit further exploitation attempts on other systems. Simply remove the network cable from its connection point, usually a tower or laptop. This step should then be followed by disabling the WiFi settings. It is critical that this is performed manually to make sure the computer has been properly disconnected.
- Power Down: Once the computer has been removed from the network, it is then necessary to power down the machine to prevent any potential damage.
- Contact Your Cybersecurity Professionals: Whether you have one on speed dial or not, your next step is to get professional assistance. Restoring backed-up data and limiting the continued spread of ransomware is a complicated process — don’t try to handle it alone if you don’t know what you’re doing.
A key aspect of your continuity following a ransomware attack is your data backup. If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.
That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary. Be sure to:
- Back up data on a regular basis, both on and offsite.
- Inspect your backups manually to verify that they maintain their integrity.
- Secure your backups and keep them independent from the networks and computers they are backing up.
- Separate your network from the backup storage, so the encryption process is unable to “hop” networks to the backup storage device. This keeps your backup data from being encrypted.
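One way to automate the integrity inspection in the list above, as an added example that is not part of the original article: record a SHA-256 manifest when the backup is taken, then compare the backup copy against it and flag changed files whose contents look near-random, which is consistent with encryption. The function names, file names and the 7.5 bits-per-byte threshold are assumptions chosen for illustration, and the sample data is constructed.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()  # fine for a demo; stream large files

def entropy(path, sample=65536):
    """Shannon entropy in bits per byte of the first `sample` bytes."""
    with open(path, "rb") as f:
        data = f.read(sample)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    """Hash every file at backup time; keep the manifest off the backed-up network."""
    paths = (os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)
    return {os.path.relpath(p, root): sha256_file(p) for p in paths}

def verify_backup(root, manifest, entropy_limit=7.5):
    """Compare a backup copy with its manifest and report what changed."""
    report = {"missing": [], "modified": [], "high_entropy": []}
    for rel, expected in sorted(manifest.items()):
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            report["missing"].append(rel)
        elif sha256_file(path) != expected:
            report["modified"].append(rel)
            # Changed and near-random content is consistent with encryption.
            if entropy(path) > entropy_limit:
                report["high_entropy"].append(rel)
    return report

def demo():
    """Constructed sample: three files, one later deleted, one overwritten."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ledger.csv", "notes.txt", "plan.txt"):
            with open(os.path.join(root, name), "w") as f:
                f.write("constructed sample data for " + name + "\n")
        manifest = build_manifest(root)
        os.remove(os.path.join(root, "notes.txt"))
        with open(os.path.join(root, "ledger.csv"), "wb") as f:
            f.write(os.urandom(65536))  # stands in for an encrypted file
        return verify_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

The entropy check only runs on files that no longer match the manifest, because legitimately compressed files are also high-entropy and would otherwise be flagged on every run.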
You Can’t Ignore Ransomware And Hope It Goes Away
In summary, there will never be a way to be 100% protected from an attack, or worse, an actual breach. However, by implementing the proper security measures, training, and constant re-evaluation of these security measures, the risk of being infected with ransomware can be dramatically reduced.
Get in touch with the Coleman Technologies team to discover more about developing a modern ransomware defence.